Changes

Fixed a number of outstanding bugs related to timezones and date functions (please read below for further details).

General performance enhancements.

New feature: Guest Authentication now offers ratable (periodic) bandwidth limits; you can limit accounts to a defined amount of bandwidth per day (or any other time interval). In any Guest Authentication System, see Settings > Limits: Bandwidth Limit.

Timezone Details

Due to the above changes, some customers’ existing timezones are no longer supported. These were automatically migrated according to the table below. If these conversions are not appropriate for your account, please update them manually from your SputnikNet control panel.

There are some changes coming soon from Facebook that will impact your Wi-Fi networks using Facebook authentication.

Overview

Facebook is tightening the policies that control how all developers utilize their system. Facebook will phase these new policies in starting May 1, 2015. You can find more information about the changes at developers.facebook.com.

Sputnik will release an updated Facebook authentication system that complies with these guidelines during the week of April 27, 2015.

Below is an overview of the changes as we understand them, with information about how you can get ready.

Apps must be linked to Facebook Developer Accounts

Currently, Sputnik offers an app that many of our customers use for Facebook authentication.

Impact: after the changes you will no longer be able to create new authentication systems that use the Sputnik Facebook app, but will need to create and use a custom Facebook app.

Authentication systems currently using the Sputnik Facebook app will need to transition to a custom Facebook app within 90 days (July 1, 2015). You can learn more about how to create a custom Facebook app at developers.facebook.com.

Required gestures and profile requests will be deprecated

Impact: all required social gestures and profile requests will be switched to requested.

Pre-written wall posts will no longer be allowed

Impact: if you enable "Request Like" an optional wall post request will be made in addition to the requested like. The user will be able to write and post their own content to their wall referencing your URL.

Apps requesting user birthdate must be reviewed by Facebook

Similar to the way Apple controls their iOS ecosystem, Facebook is now requiring apps that use certain Facebook features to be submitted to a review process.

Impact: if you want to request the user's birthdate, you will need to submit your app to Facebook for review. Facebook states that the process takes approximately 5 business days.

Facebook Authentication System

We’re pleased to add a new Facebook Authentication System to our growing stable of SputnikNet login methods.

Here’s how it works:

You can now create one or many Facebook Authentication Systems and add them to your captive portals. All you need to do is create a Facebook app in your account (more information about how to do this is at developers.facebook.com) and link it to SputnikNet. Then, when users connect to your Wi-Fi access point, they’ll be presented to log in with their Facebook credentials.

Sputnik’s Facebook Authentication System has tons of flexibility. Here are just some of the things you can do:

Have customers login to your hotspot with their Facebook ID

Require or request a Facebook Like (to the web page of your choice)

Require or request a wall post (you can have up to ten pre-written wall posts that will appear on your customer’s walls)

Require or request customers’ email addresses

Require or request customers’ birthrates

Award session limits based upon how much the customer agrees to share

Full customization of the look and feel and login text

As with all other SputnikNet Authentication Systems, you can set bandwidth up/down limits, apply network policies, and completely control the look and feel of the login process.

Best of all, as you collect customer data it is yours to do with per your customer privacy agreements. For example, you can collect email addresses for online marketing programs.

We believe SputnikNet’s Facebook Authentication is the most flexible way of using Facebook to enable customers to log into Wi-Fi. You are in complete control, with the ability to request or require the appropriate information or social gesture from your customers, and full and exclusive access to the data you generate.

Synchronization between router and SputnikNet cloud is faster and more efficient.

New “Cloud Lock” mode automatically overrides local router settings with values set in SputnikNet.

New “Disable Local Admin” mode prevents router settings from being modified locally. This turns off the router’s web admin console, SSH, telnet, UPnP and disables the router’s reset button, so a 30–30–30 reset will not be possible.

Added “Drag and drop” controls for prioritizing Quality of Service (QoS) settings, with pre-built templates.

Norton ConnectSafe DNS resolution and content filtering solution is now integrated into SputnikNet. This free service enables providers to protect their networks using any of three levels of content filtering against malware, phishing sites, scam sites and adult content sites.

OpenDNS now utilizes update-only password and includes verbose logging for easier troubleshooting.

Enhanced site survey includes scan history: each rescan now updates previously discovered Wi-Fi devices and adds new Wi-Fi devices.

New router performance graphs now include load average and WAN/LAN network activity (requires 3.4.4 firmware).

Routers list includes new optional fields: Authentication Systems, Cloud Lock Status, Local Admin, Local Time, Local Time Zone, Captive Portal Preview.

Router status overview now filters out routers that have been decommissioned (inactive for greater than two weeks).

CRM & Analytics

New survey module enables the creation of online surveys that can be displayed to users during authentication. SputnikNet surveys support a variety of question formats (email, free-form text, checkbox, list, auto-complete). Optional or required questions can appear once per client login, at every login, or after a defined interval.

Bug fix: captive portals now preview properly in sites that have no session records.

Authentication Systems

Bandwidth limits can now be set per authentication system. This is in addition to bandwidth limits set at the router and client level. The order of precedence (from most to least predominant) is client, authentication system, and router.

Here are numerous improvements that we’ve rolled out to SpuntikNet recently. The newest updates took place on January 12-13, 2012; those are bolded. The rest were introduced since the last changelog entry.

Please note that we no longer will be identifying SputnikNet with a version number, but instead, by date. (Sputnik Agent firmware will continue to use a version number—currently that is 3.4.0.)

Captive Portals

Content management system added to facilitate management of images, CSS, Javascript and text snippets that can be inserted into portals as tags

SMS Authentication

Users simply enter cell phone number in captive portal and are sent a text with the login code

Sputnik charges no fees for SMS messages

Session Queueing

Set a maximum number of Wi-Fi sessions on a router; users who log in after the maximum is reached are given a place in line, with an estimate of when they’ll make it to the front of the queue and get online (requires Pro subscription)

Added ability to remotely set timezone on router and to synchronize its clock with Internet time servers.

Enabled remote control over basic wireless scheduling (turn wireless signal on/off at certain times of day).

Enabled remote control over wireless client isolation.

Router local web admin password can now be changed from SputnikNet.

Sputnik Instant Setup

Added ability to set Sputnik Agent mode (e.g. NMS) before assigning the device to its SputnikNet server. This will streamline the deployment of managed range extenders running Sputnik Agent in NMS mode.

Enhanced user bandwidth shaping: you can specify a bandwidth cap (maximum) that is applied to all users on the network, preventing bandwidth hogs. Please note: this feature requires the use of Sputnik Agent firmware version 3.3.7.6.1.

Performance improvements: generally faster captive portal load times.

Bug Fixes:

Update to PayPal Authentication System that prevents users from creating invalid PayPal passwords.

Sputnik Agent Firmware version 3.3.7.6.1 new features and enhancements include:

Support for enhanced user bandwidth shaping in SputnikNet (see above).

Added control over "purge unauthenticated session time". This value sets the amount of time a wireless end-user can spend online before they complete a login. If the user exceeds the allotted time, their unauthenticated session is purged from the database and the captive portal reloads with a new session. Setting the value lower will show fewer unauthenticated settings in SputnikNet’s Client Sessions view, but force the end-user to refresh the captive portal if they exceed the time limit. Setting the value higher will show more unauthenticated sessions, but force fewer captive portal reloads. In 3.3.7.5 the default value was changed from 30 minutes to one hour.

Router List settings for showing fields and display limit are now preserved across sessions.

Bug Fixes:

More fixes to bring SputnikNet into better compliance with UTF-8 character encoding. This will enhance the ability to process PayPal transactions with non-Roman characters.

Ability to add new PayPal user accounts through the SputnikNet interface

Out-of-subscription alert that enables administrators to reset router subscription cache (for example, if you swap routers and get an out-of-subscription alert, you can refresh the database of cached MAC addresses, enabling you to provision the new device without an extra subscription)

Important: if you are running Sputnik Control Center on White Box Enterprise Linux (WBEL), we strongly recommend that you upgrade to CentOS 4.7 before installing this release.

Captive portals: optional ability to append location information and client MAC address parameters to the redirect URL string. This is useful for gathering data about the client device, access point location, and venue information in order to provide dynamic content or local advertising.

Guest authentication: warning popup when three minutes left, if guest authentication expire period is specified.

A checkbox on the "Config Router" page allows users to enable QoS throttling of common peer-to-peer (P2P) services

Maximum bandwidth can be set per router

These features require DD-WRT firmware, starting with release v24 Beta

Network policies

New feature: specify ranges for port forwarding instead of just individual ports

New feature: dynamic host name support for walled gardens (requires Sputnik Agent firmware version 3.3.6.2 or above). This allows users to set walled garden rules using hostnames whose IP addresses may change over time.

Bug fix: "Block Private Nets" now works when applied to an authentication system

PayPal Module: improved walled garden rules

Uses new dynamic walled garden rules to define PayPal hosts. This should correct many of the redirect issues that some customers have experienced since changes to PayPal's network (requires Sputnik Agent firmware version 3.3.6.2 or above)

Miscellaneous updates

New menu "Venue Type" on "Config Router" page to help classify AP locations

Sputnik Support link now points to Sputnik's new support ticketing system

Blocked Devices: allows an administrator to create a list of MAC addresses to block from authenticating with the Guest module. MAC can still authenticate with other Authentication Systems if available.

Access Codes: prompts the user to enter an access code to log in as a Guest. Administrators can add access codes from the web UI or import from a CSV file. Administrators can also define valid time periods that a code can be used.

Guest Expiration Interval: requires the user to log in through the captive portal after a specified interval. For example, you can require guests to view captive portal advertising every x minutes.

Guest Blackout Period: if an expiration interval is defined, an administrator can optionally set a blackout period where a client (MAC Address) will not be permitted to log in again for the specified interval. For example, you can let a user surf for an hour for free, after which they are blocked for 6 hours.

Fixed client sessions table to allow more than 10 rows at a time to be displayed

Dropped "Change" password button when self-registration disabled for a particular authentication system instance

Modified RADIUS module in preparation for roaming features

Modified PayPal module to allow a "pre-auth" state (optionally set by admin). This state creates the end-user account even if a successful response to payment is NOT received by the SCC from PayPal. Administrators should be careful using this mode, but it will reduce support burdens for payments that ARE received but a response from PayPal never triggered account creation in the SCC. When the pre-auth state occurs, the end-user must re-login after payment

Added expire time to session monitor window for PayPal accounts

Added pop-up alert that end-user must confirm to warn of not closing the session monitor. Use of this extra warning is optionally set per authentication system. The default is that this warning will be ON, so administrators must uncheck the option if they don't want the extra warning

Fixed PayPal module bug that did not allow end-users to re-use their previous login id

Added support for Linksys WRT54G and WRT54GS platforms

Added DHCP packet options to improve session updates and tracking

Allow a device database authentication instance to be associated with a captive portal so that it can be easily assigned to multiple routers. Does not affect device auth functionality

Added option to Control Center page to override or remove the Sputnik Logo in the session monitor window. Can replace the logo with any image uploaded to the captive portal text/images page by copying the insert link path

Added optional [style]..[/style] and [javascript]..[/javascript] tags to captive portal text box to make it easy to apply the same style across the entire page, including the authsys instances

Fixed consistency of all timestamp fields in the database to include timezone. Also fixed Australian timezone bug

Added authentication system checkbox option to allow/disallow duplicate logins for any authsys that supports that functionality

Added pre-configure function to routers via MAC address. They can be assigned to a captive portal, named, etc., even before registering with the SCC server so that they will be immediately pre-provisioned and support the expected behavior when they come on-line

Updated the user database Users page to also show the e-mail, title, and organization fields

On the captive portal main page, the append session parameters row is blanked out unless the redirect URL is filled in

Added a new Client Summary report page that shows logins per client over various intervals. Checking bandwidth usage is optional.

Require a valid e-mail format for the e-mail field during end-user registration

Added help text to captive portal pages and split the text/images settings to its own page

Added new Getting Started page under HELP section on left navigation. Not yet fully complete

Fixed plot of router usage that was blank if the SCC time zone did not match the server time zone

Captive portal content supports a few active substitution variables in the format of [subst:OBJNAME:ATTR]. Only the portal object is available during preview. Example: [subst:node:node_name] will substitute the current router's name. Other node attributes include node_location, node_contact, etc., see the nodes table schema for more ideas